CVE-2023-48964

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.
Max CVSS
7.5
Published
2023-11-30
Updated
2023-12-05
EPSS
0.05%

CVE-2023-48963

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.
Max CVSS
7.5
Published
2023-11-30
Updated
2023-12-05
EPSS
0.05%

CVE-2023-48958

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
Max CVSS
5.5
Published
2023-12-07
Updated
2023-12-12
EPSS
0.04%

CVE-2023-48952

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48951

An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48950

An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48949

An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48948

An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48947

An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48946

An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-11-30
EPSS
0.05%

CVE-2023-48945

A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Max CVSS
7.5
Published
2023-11-29
Updated
2023-12-05
EPSS
0.05%

CVE-2023-48940

A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Max CVSS
5.4
Published
2023-12-06
Updated
2023-12-11
EPSS
0.05%

CVE-2023-48930

xinhu xinhuoa 2.2.1 contains a File upload vulnerability.
Max CVSS
9.8
Published
2023-12-06
Updated
2023-12-11
EPSS
0.06%

CVE-2023-48929

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.
Max CVSS
9.8
Published
2023-12-08
Updated
2023-12-12
EPSS
0.11%

CVE-2023-48928

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Max CVSS
6.1
Published
2023-12-08
Updated
2023-12-12
EPSS
0.05%

CVE-2023-48925

SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6 allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
Max CVSS
9.8
Published
2023-12-14
Updated
2023-12-18
EPSS
0.08%

CVE-2023-48914

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
Max CVSS
8.8
Published
2023-11-30
Updated
2023-12-05
EPSS
0.06%

CVE-2023-48913

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
Max CVSS
8.8
Published
2023-11-30
Updated
2023-12-05
EPSS
0.06%

CVE-2023-48912

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.
Max CVSS
8.8
Published
2023-11-30
Updated
2023-12-05
EPSS
0.06%

CVE-2023-48910

Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Max CVSS
9.8
Published
2023-12-04
Updated
2023-12-07
EPSS
0.07%

CVE-2023-48894

Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.
Max CVSS
6.5
Published
2023-11-30
Updated
2023-12-06
EPSS
0.05%

CVE-2023-48893

SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.
Max CVSS
8.8
Published
2023-12-01
Updated
2023-12-31
EPSS
0.06%

CVE-2023-48887

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.
Max CVSS
9.8
Published
2023-12-01
Updated
2023-12-06
EPSS
0.06%

CVE-2023-48886

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
Max CVSS
9.8
Published
2023-12-01
Updated
2023-12-06
EPSS
0.07%

CVE-2023-48882

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
Max CVSS
4.8
Published
2023-11-29
Updated
2023-12-05
EPSS
0.05%
50 vulnerabilities found